Windows 10 reached EOS (end of support) on October 14, 2025. If you are on Windows 10, see this article.

Avatar for Username

Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기
이 쓰레드는 보존되었습니다. 만약 도움이 필요하시면 새로운 질문을 올려주세요.
해결된 질문 보존

Certificate problem accessing an internal company website

기업용 Firefox 출시 안내
twic replied
twic
twic

I am trying to reach an internal company website ([URL]), with a certificate chain rooted in a company certificate authority. This works fine in Chrome, and worked in Firefox on my previous computer. But i recently got a new machine, and something somewhere is not quite right. I get an error message looking like this (between the ~~~s):

~~~ Someone could be trying to impersonate the site and you should not continue.

Web sites prove their identity via certificates. Firefox does not trust [URL] because its certificate issuer is unknown, the certificate is self-signed, or the server is not sending the correct intermediate certificates.

Error code: SEC_ERROR_UNKNOWN_ISSUER

View Certificate ~~~

If i click on the error code, i get these details:

~~~ [URL]

Peer's Certificate issuer is not recognised.

HTTP Strict Transport Security: false HTTP Public Key Pinning: false

Certificate chain:

BEGIN CERTIFICATE-----

[certificate]

END CERTIFICATE-----
BEGIN CERTIFICATE-----

[certificate]

END CERTIFICATE-----
BEGIN CERTIFICATE-----

[certificate]

END CERTIFICATE-----

~~~

If i click 'View Certificate', i get a chain of three certificates:

  1. Subject common name = [certificate]
  2. Subject common name = [certificate]
  3. Subject common name = [certificate]

If i go to Settings > Privacy & Security > View Certificates > Authorities, i can find both the [certificate] certificates. As far as i can tell, they are identical - i can open the certificate from 'View Certificate' and the corresponding one from the certificate manager and flip between tabs, and all the details are the same.

I am using Firefox 120.0, via a flatpak, on Ubuntu 22. I have given the flatpak access to /etc/ssl/certs, where my company's internal CA certificates are located.

To me, this seems like it should all work. The server has a certificate signed by an internal CA, which is signed by another internal CA, and both those internal CA certificates are in my certificate manager. So what is going wrong? Is there any way i can debug this?

I am trying to reach an internal company website ([URL]), with a certificate chain rooted in a company certificate authority. This works fine in Chrome, and worked in Firefox on my previous computer. But i recently got a new machine, and something somewhere is not quite right. I get an error message looking like this (between the ~~~s): ~~~ Someone could be trying to impersonate the site and you should not continue. Web sites prove their identity via certificates. Firefox does not trust [URL] because its certificate issuer is unknown, the certificate is self-signed, or the server is not sending the correct intermediate certificates. Error code: SEC_ERROR_UNKNOWN_ISSUER View Certificate ~~~ If i click on the error code, i get these details: ~~~ [URL] Peer's Certificate issuer is not recognised. HTTP Strict Transport Security: false HTTP Public Key Pinning: false Certificate chain: -----BEGIN CERTIFICATE----- [certificate] -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- [certificate] -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- [certificate] -----END CERTIFICATE----- ~~~ If i click 'View Certificate', i get a chain of three certificates: # Subject common name = [certificate] # Subject common name = [certificate] # Subject common name = [certificate] If i go to Settings > Privacy & Security > View Certificates > Authorities, i can find both the [certificate] certificates. As far as i can tell, they are identical - i can open the certificate from 'View Certificate' and the corresponding one from the certificate manager and flip between tabs, and all the details are the same. I am using Firefox 120.0, via a flatpak, on Ubuntu 22. I have given the flatpak access to /etc/ssl/certs, where my company's internal CA certificates are located. To me, this seems like it should all work. The server has a certificate signed by an internal CA, which is signed by another internal CA, and both those internal CA certificates are in my certificate manager. So what is going wrong? Is there any way i can debug this?

글쓴이 Paul 수정일시

모든 댓글 (2)

Mike Kaply
Mike Kaply
  • Moderator
Mozilla 직원

선택된 해결법

From the developer:

> Is the root CA they've identified in the certificate manager is marked as being trusted for websites?

This is something that would be better served as a bugzilla bug.

Can you open a bug here:

https://bugzilla.mozilla.org/enter_bug.cgi?product=Core&component=Security%3A%20PSM

And let me know the bug number? I'll get the devs involved.

twic
twic 질문자

Aha! The certificates were not trusted for websites, and after i marked them as such, everything works fine. Thanks!

I have opened a bug, because i think the error message here could be better: https://bugzilla.mozilla.org/show_bug.cgi?id=1867771